Asprox Botnet Becomes Alive, Uses Old SQL Injection Tricks

According to security researchers, a botnet constituted of numerous compromised PCs has become active again over recent days and is infecting websites in order that they may spread malware onto the computers of unwary visitors.

Called Asprox, after the toolkit used in attacks, the botnet drew attention during May-June 2009 when it contaminated several thousand websites hosted on over 1,000 Web domains, especially infecting the sites belonging to small businesses, local governments and schools.

In a posting to a personal blog, Gary Warner, director of computer forensics research at the University of Alabama at Birmingham, wrote that after remaining inactive for several months, the botnet had re-emerged with its familiar tactics. PCWorld reported this on October 2, 2009.

Furthermore, the researcher wrote on September 30, 2009 that Asprox's SQL injection attack is targeting the vulnerable ASP Web pages hosted on IIS Servers in an attempt to embed an offensive JavaScript on authentic websites by means of compromising fundamental Microsoft SQL-servers.

Moreover the JavaScript resulted in the loading of an iFrame that, in turn, resulted in loading of a file named adtcp.ru/ad/index.php, with the related domain registered on September 29, 2009 with an associated e-mail id, omit@blogbuddy.ru.

Meanwhile, the key website that's currently serving the malevolent script is 'ads-t.ru'. Further, the websites that the particular attack toolkit has compromised have a tag that takes one onto the 'ads-t.ru/ads.js' page. Hunting for this string on Google, the search-engine returns several thousand additional websites that have been injected with this malicious code.

Furthermore, security firm SecureWorks has monitored the assaults just a few days ago and has found a rise in the SQL injection assaults on the firm's customers, revealed Jason Milletary, security researcher at SecureWorks. PCWorld reported this on October 2, 2009. However, according to Milletary, it's still unclear if the assaults are as dangerous as in the past.

Moreover, the above findings show that while new bot-networks are being created, the older ones are also active. A recent report by MessageLabs, another security firm, states that bots are distributing more than 150 Billion spam e-mails daily. Reportedly, for Q3 2009, volume of spam generated by bots was nearly 88% of the total spam generated during the period.

Related article: Asprox Virus Attacks Several Websites in UK

» SPAMfighter News - 10/23/2009